22.8 Configuring Password Ageing

To specify how users' passwords are aged, edit the following settings in the /etc/login.defs file:

Setting

Description

PASS_MAX_DAYS

Maximum number of days for which a password can be used before it must be changed. The default value is 99,999 days.

PASS_MIN_DAYS

Minimum number of days that is allowed between password changes. The default value is 0 days.

PASS_WARN_AGE

Number of days warning that is given before a password expires. The default value is 7 days.

For more information, see the login.defs(5) manual page.

To change how long a user's account can be inactive before it is locked, use the usermod command. For example, to set the inactivity period to 30 days:

# usermod -f 30 username

To change the default inactivity period for new user accounts, use the useradd command:

# useradd -D -f 30

A value of -1 specifies that user accounts are not locked due to inactivity.

For more information, see the useradd(8) and usermod(8) manual pages.